Add TCP/TLS integration tests and examples for Node.js SDK

atharvalade · atharvalade · commit fd8dfee89460 · 2026-02-26T10:54:52.000-06:00
TLS e2e tests for ping, login, message flow, and plain TCP failure scenario
diff --git a/examples/node/package.json b/examples/node/package.json
@@ -19,7 +19,9 @@
     "test:multi-tenant:producer": "tsx src/multi-tenant/producer.ts",
     "test:multi-tenant:consumer": "tsx src/multi-tenant/consumer.ts",
     "test:stream-builder": "tsx src/stream-builder/example.ts",
-    "test:sink-data-producer": "tsx src/sink-data-producer/producer.ts"
+    "test:sink-data-producer": "tsx src/sink-data-producer/producer.ts",
+    "test:tcp-tls:producer": "tsx src/tcp-tls/producer.ts",
+    "test:tcp-tls:consumer": "tsx src/tcp-tls/consumer.ts"
   },
   "keywords": [
     "iggy",
diff --git a/examples/node/src/tcp-tls/consumer.ts b/examples/node/src/tcp-tls/consumer.ts
@@ -0,0 +1,146 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// TCP/TLS Consumer Example
+//
+// Demonstrates consuming messages over a TLS-encrypted TCP connection
+// using custom certificates from core/certs/.
+//
+// Prerequisites:
+//   Start the Iggy server with TLS enabled:
+//     IGGY_TCP_TLS_ENABLED=true \
+//     IGGY_TCP_TLS_CERT_FILE=core/certs/iggy_cert.pem \
+//     IGGY_TCP_TLS_KEY_FILE=core/certs/iggy_key.pem \
+//     cargo r --bin iggy-server
+//
+// Run this example (from examples/node/):
+//   DEBUG=iggy:* npx tsx src/tcp-tls/consumer.ts
+
+import { readFileSync } from 'node:fs';
+import { Client, PollingStrategy, Consumer } from 'apache-iggy';
+import { BATCHES_LIMIT, log, MESSAGES_PER_BATCH, PARTITION_ID, STREAM_ID, TOPIC_ID } from '../utils';
+
+async function consumeMessages(client: Client): Promise<void> {
+  const interval = 500;
+  log(
+    'Messages will be consumed from stream: %d, topic: %d, partition: %d with interval %d ms.',
+    STREAM_ID,
+    TOPIC_ID,
+    PARTITION_ID,
+    interval,
+  );
+
+  let offset = 0;
+  let consumedBatches = 0;
+
+  while (consumedBatches < BATCHES_LIMIT) {
+    try {
+      log('Polling for messages...');
+      const polledMessages = await client.message.poll({
+        streamId: STREAM_ID,
+        topicId: TOPIC_ID,
+        consumer: Consumer.Single,
+        partitionId: PARTITION_ID,
+        pollingStrategy: PollingStrategy.Offset(BigInt(offset)),
+        count: MESSAGES_PER_BATCH,
+        autocommit: false,
+      });
+
+      if (!polledMessages || polledMessages.messages.length === 0) {
+        log('No messages found.');
+        consumedBatches++;
+        await new Promise(resolve => setTimeout(resolve, interval));
+        continue;
+      }
+
+      offset += polledMessages.messages.length;
+
+      for (const message of polledMessages.messages) {
+        handleMessage(message);
+      }
+
+      consumedBatches++;
+      log('Consumed %d message(s) in batch %d.', polledMessages.messages.length, consumedBatches);
+
+      await new Promise(resolve => setTimeout(resolve, interval));
+    } catch (error) {
+      log('Error consuming messages: %o', error);
+      throw error;
+    }
+  }
+
+  log('Consumed %d batches of messages, exiting.', consumedBatches);
+}
+
+function handleMessage(message: any): void {
+  const payload = message.payload.toString('utf8');
+  log(
+    `Handling message at offset: ${message.headers.offset}, payload: %s...`,
+    payload,
+  );
+}
+
+async function main(): Promise<void> {
+  // Configure the client with TLS transport.
+  // transport: 'TLS'  activates TLS on the TCP connection
+  // ca: readFileSync(...)  provides the CA certificate to verify the server cert
+  // host: 'localhost'  must match the server certificate CN/SAN
+  const client = new Client({
+    transport: 'TLS',
+    options: {
+      port: 8090,
+      host: 'localhost',
+      ca: readFileSync('../../core/certs/iggy_ca_cert.pem'),
+    },
+    credentials: { username: 'iggy', password: 'iggy' },
+  });
+
+  try {
+    log('TLS consumer has started, selected transport: TLS');
+    log('Connecting to Iggy server over TLS...');
+
+    log('Logging in user...');
+    await client.session.login({ username: 'iggy', password: 'iggy' });
+    log('Logged in successfully.');
+
+    await consumeMessages(client);
+  } catch (error) {
+    log('Error in main: %o', error);
+    process.exitCode = 1;
+  } finally {
+    await client.destroy();
+    log('Disconnected from server.');
+  }
+}
+
+process.on('unhandledRejection', (reason, promise) => {
+  log('Unhandled Rejection at: %o, reason: %o', promise, reason);
+  process.exit(1);
+});
+
+if (import.meta.url === `file://${process.argv[1]}`) {
+  void (async () => {
+    try {
+      await main();
+    } catch (error) {
+      log('Main function error: %o', error);
+      process.exit(1);
+    }
+  })();
+}
diff --git a/examples/node/src/tcp-tls/producer.ts b/examples/node/src/tcp-tls/producer.ts
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// TCP/TLS Producer Example
+//
+// Demonstrates producing messages over a TLS-encrypted TCP connection
+// using custom certificates from core/certs/.
+//
+// Prerequisites:
+//   Start the Iggy server with TLS enabled:
+//     IGGY_TCP_TLS_ENABLED=true \
+//     IGGY_TCP_TLS_CERT_FILE=core/certs/iggy_cert.pem \
+//     IGGY_TCP_TLS_KEY_FILE=core/certs/iggy_key.pem \
+//     cargo r --bin iggy-server
+//
+// Run this example (from examples/node/):
+//   DEBUG=iggy:* npx tsx src/tcp-tls/producer.ts
+
+import { readFileSync } from 'node:fs';
+import { Client, Partitioning } from 'apache-iggy';
+import { BATCHES_LIMIT, cleanup, initSystem, log, MESSAGES_PER_BATCH, sleep } from '../utils';
+
+async function produceMessages(
+  client: Client,
+  stream: Awaited<ReturnType<typeof initSystem>>['stream'],
+  topic: Awaited<ReturnType<typeof initSystem>>['topic'],
+) {
+  const interval = 500;
+  log(
+    'Messages will be sent to stream: %d, topic: %d with interval %d ms.',
+    stream.id,
+    topic.id,
+    interval,
+  );
+
+  let currentId = 0;
+  let sentBatches = 0;
+
+  for (; sentBatches < BATCHES_LIMIT;) {
+    const messages = Array.from({ length: MESSAGES_PER_BATCH }).map(() => {
+      currentId++;
+      return {
+        id: currentId,
+        headers: [],
+        payload: `message-${currentId}`,
+      };
+    });
+
+    try {
+      await client.message.send({
+        streamId: stream.id,
+        topicId: topic.id,
+        messages,
+        partition: Partitioning.PartitionId(
+          topic.partitions[Math.floor(Math.random() * topic.partitions.length)].id,
+        ),
+      });
+    } catch (error) {
+      log('Error sending messages: %o', error);
+    } finally {
+      sentBatches++;
+      log('Sent messages: %o', messages);
+      await sleep(interval);
+    }
+  }
+
+  log('Sent %d batches of messages, exiting.', sentBatches);
+}
+
+async function main() {
+  // Configure the client with TLS transport.
+  // transport: 'TLS'  activates TLS on the TCP connection
+  // ca: readFileSync(...)  provides the CA certificate to verify the server cert
+  // host: 'localhost'  must match the server certificate CN/SAN
+  const client = new Client({
+    transport: 'TLS',
+    options: {
+      port: 8090,
+      host: 'localhost',
+      ca: readFileSync('../../core/certs/iggy_ca_cert.pem'),
+    },
+    credentials: { username: 'iggy', password: 'iggy' },
+  });
+
+  let streamId = null;
+  let topicId = 0;
+  try {
+    log('TLS producer has started, selected transport: TLS');
+    log('Connecting to Iggy server over TLS...');
+
+    const { stream, topic } = await initSystem(client);
+    streamId = stream.id;
+    topicId = topic.id;
+
+    const pong = await client.system.ping();
+    log('Ping successful.', pong);
+
+    log('Stream ID: %s, Topic ID: %s', streamId, topicId);
+    await produceMessages(client, stream, topic);
+  } catch (error) {
+    log('Error in main: %o', error);
+    process.exitCode = 1;
+  } finally {
+    if (streamId) {
+      await cleanup(client, streamId, topicId);
+    }
+    await client.destroy();
+    log('Disconnected from server.');
+  }
+}
+
+await main();
diff --git a/foreign/node/src/e2e/tls.system.e2e.ts b/foreign/node/src/e2e/tls.system.e2e.ts
